Trace login



Every day I have some “successful login” entries from a colleague’s user ID in my Win7 workstation’s event log.
I talked to my colleague and we searched his computer but did not find anything that could have caused these logins.
There is no share he connects to, no messenger we use together, and no file sharing.

How can I use Wireshark to discover what’s going on? I know the Windows domain, the account name, and the IP address.
Since we have a very large network, I need a way to log as little traffic as possible.

Can someone help?


You can create a display filter to show traffic from his IP address:

ip.src == [IP Address]
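
Added example (not part of the original posts): a display filter only hides packets after they are captured, so to log as little as possible the restriction has to be a capture filter. The sketch below assumes the "successful login" entries are Security event 4624 exported as XML with `wevtutil`; it reads each logon's type and source address/port and derives a capture filter plus a display filter that isolates the matching TCP stream. The account name `jdoe` and all addresses are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_TYPES = {"2": "Interactive", "3": "Network", "5": "Service", "10": "RemoteInteractive"}

# Constructed sample (placeholder names/addresses) shaped like `wevtutil qe Security /f:xml`.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:02:11Z"/></System>
 <EventData><Data Name="TargetUserName">jdoe</Data><Data Name="LogonType">3</Data>
  <Data Name="IpAddress">192.0.2.25</Data><Data Name="IpPort">49213</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:05:40Z"/></System>
 <EventData><Data Name="TargetUserName">JDOE</Data><Data Name="LogonType">5</Data>
  <Data Name="IpAddress">-</Data><Data Name="IpPort">-</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID><TimeCreated SystemTime="2024-01-15T08:06:02Z"/></System>
 <EventData><Data Name="TargetUserName">me</Data><Data Name="LogonType">2</Data>
  <Data Name="IpAddress">127.0.0.1</Data><Data Name="IpPort">0</Data></EventData>
</Event>
</Events>"""

def trace_logons(xml_text, account):
    """One row per successful logon (event 4624) recorded for `account`."""
    rows = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4624":
            continue
        data = {d.get("Name"): (d.text or "") for d in ev.findall("e:EventData/e:Data", NS)}
        if data.get("TargetUserName", "").lower() != account.lower():
            continue
        ip, port = data.get("IpAddress", "-"), data.get("IpPort", "-")
        remote = ip not in ("", "-", "127.0.0.1", "::1")  # local logons never hit the wire
        field = "ipv6.addr" if ":" in ip else "ip.addr"
        rows.append({
            "time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "logon_type": LOGON_TYPES.get(data.get("LogonType"), data.get("LogonType")),
            # Capture filter (BPF): only this host's packets are written to disk.
            "capture_filter": f"host {ip}" if remote else None,
            # Display filter: the TCP stream whose source port the event recorded.
            "display_filter": f"{field} == {ip} && tcp.port == {port}"
                              if remote and port.isdigit() else None,
        })
    return rows

if __name__ == "__main__":
    print(*trace_logons(SAMPLE, "jdoe"), sep="\n")
```

The capture filter goes into Wireshark's capture options or `dumpcap -f`; a ring buffer (`-b filesize:… -b files:…`) bounds disk use while waiting for the next logon event.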